From 4970ca2972e7dc70297aaab81cc13e05b847dcbb Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Jun 18 2009 14:10:58 +0000 Subject: - Add labeling for Zend extensions --- diff --git a/policy-20071130.patch b/policy-20071130.patch index b99f3c5..ab92271 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -655066,7 +655066,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.3.1/policy/modules/services/mysql.te --- nsaserefpolicy/policy/modules/services/mysql.te 2008-02-26 14:23:10.000000000 +0100 -+++ serefpolicy-3.3.1/policy/modules/services/mysql.te 2009-03-25 00:08:28.000000000 +0100 ++++ serefpolicy-3.3.1/policy/modules/services/mysql.te 2009-06-11 14:20:43.000000000 +0200 @@ -10,6 +10,10 @@ type mysqld_exec_t; init_daemon_domain(mysqld_t,mysqld_exec_t) @@ -655108,7 +655108,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq domain_use_interactive_fds(mysqld_t) -@@ -119,3 +128,38 @@ +@@ -119,3 +128,44 @@ optional_policy(` udev_read_db(mysqld_t) ') @@ -655147,6 +655147,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq + +hostname_exec(mysqld_safe_t) + ++userdom_dontaudit_search_sysadm_home_dirs(mysqld_safe_t) ++userdom_dontaudit_search_users_home_dirs(mysqld_safe_t) ++ ++ ++ ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.3.1/policy/modules/services/nagios.fc --- nsaserefpolicy/policy/modules/services/nagios.fc 2008-02-26 14:23:10.000000000 +0100 +++ serefpolicy-3.3.1/policy/modules/services/nagios.fc 2009-02-12 22:21:57.000000000 +0100 
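Review bot: The two `userdom_dontaudit_search_sysadm_home_dirs(mysqld_safe_t)` / `userdom_dontaudit_search_users_home_dirs(mysqld_safe_t)` calls added at the end of the mysql.te section have no comment explaining why mysqld_safe_t searches home directories, and the commit subject mentions only Zend labeling. A dontaudit rule grants no access but keeps the denial out of the audit log, so a later reader cannot tell whether it silences a harmless lookup or hides something that should be seen. I would put a short comment above them, for example `# mysqld_safe may be started from a shell whose cwd is a home directory` (an assumption, for the author to confirm), and list the change in the %changelog entry. The four empty `+` lines after the calls add only trailing blank lines to the section and can be dropped.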
@@ -670265,7 +670271,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2008-02-26 14:23:09.000000000 +0100 -+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2009-04-03 14:00:57.000000000 +0200 ++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2009-06-09 15:04:55.000000000 +0200 @@ -69,8 +69,10 @@ ifdef(`distro_gentoo',` # despite the extensions, they are actually libs @@ -670382,7 +670388,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar # Java, Sun Microsystems (JPackage SRPM) /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -287,11 +304,15 @@ +@@ -279,6 +296,8 @@ + /usr/(local/)?matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl)\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/(local/)?matlab.*/sys/os/glnx86/libtermcap\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/local/Zend/lib/ZendExtensionManager\.so gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/local/Zend/lib/.*/ZendOptimizer\.so gen_context(system_u:object_r:textrel_shlib_t,s0) + + /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) + +@@ -287,11 +306,15 @@ /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
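Review bot: The two new `/usr/local/Zend/lib/...` entries in libraries.fc leave out the `--` file-type field that the neighbouring matlab and acroread entries carry, so they are not restricted to regular files. I would write them as `/usr/local/Zend/lib/ZendExtensionManager\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)` and likewise for the ZendOptimizer line. The `.*` in `/usr/local/Zend/lib/.*/ZendOptimizer\.so` also matches across `/`, so a file of that name at any depth below the directory is labelled textrel_shlib_t, the type used for libraries that need text relocations. `[^/]+` would be tighter if Zend installs a single version directory there, which this hunk does not show.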
@@ -670398,7 +670413,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) -@@ -301,6 +322,30 @@ +@@ -301,6 +324,30 @@ /var/lib/samba/bin/.+\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0) ') @@ -674527,7 +674542,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-26 14:23:09.000000000 +0100 -+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2009-03-05 13:35:19.000000000 +0100 ++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2009-06-11 14:20:17.000000000 +0200 @@ -29,9 +29,14 @@ ') @@ -677334,7 +677349,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Send a dbus message to all user domains. ## ## -@@ -5704,3 +6377,408 @@ +@@ -5704,3 +6377,407 @@ interface(`userdom_unconfined',` refpolicywarn(`$0($*) has been deprecated.') ') @@ -677439,7 +677454,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo + dontaudit $1 user_home_dir_type:dir search_dir_perms; +') + -+ +######################################## +## +## Identify specified type as being in a users home directory diff --git a/selinux-policy.spec b/selinux-policy.spec index f0a4613..a6963fc 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 134%{?dist} +Release: 135%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -444,6 +444,9 @@ exit 0 %endif %changelog +* Thu Jun 18 2009 Miroslav Grepl 3.3.1-135 +- Add labeling for Zend extensions + * Wed Jun 3 2009 Miroslav Grepl 3.3.1-134 - Update Url line